hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.88k stars, 9.22k forks

[Enhancement]: Support failover controls for S3 MRAPs #29144

Open mtttcgcg opened 1 year ago

mtttcgcg commented 1 year ago

Description

Hello, thank you for the amazing AWS provider. We love using it. One feature I have not seen supported yet is the failover controls for S3 MRAPs, recently announced in Nov 2022: https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-s3-multi-region-access-points-failover-active-passive-configurations-failovers/

This would be nice for us so that we can ensure uploads always go to our "active" region instead of hoping they go to the desired region (and waiting for files to replicate if they went to the "secondary" region).

The only change I would expect to the existing MRAP resource would be a single new attribute called "status" which could be set to either active or passive.

Affected Resource(s) and/or Data Source(s)

Potential Terraform Configuration

# Existing provider resource (type corrected to the provider's actual name);
# "status" is the attribute proposed in this issue and does not exist today.
resource "aws_s3control_multi_region_access_point" "mymrap" {
  details {
    name = "mymrap"
    region {
      bucket = aws_s3_bucket.east.id
      status = "active"  # proposed: requests are routed here
    }

    region {
      bucket = aws_s3_bucket.west.id
      status = "passive" # proposed: standby, receives no traffic until failover
    }
  }
}

References

  1. https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-s3-multi-region-access-points-failover-active-passive-configurations-failovers/
  2. https://aws.amazon.com/blogs/aws/new-failover-controls-for-amazon-s3-multi-region-access-points/

Would you like to implement a fix?

No

mattburgess commented 1 year ago

The implementation of this might have to be a bit more involved. Looking at the API docs, one has to call that API from one of only 5 specific regions (regardless of where your actual S3 bucket or failover regions are).

I therefore think this is going to have to be a new resource so that one can do something like this:

# Hypothetical new resource (does not exist in the provider); the provider alias
# must point at one of the regions that serve the MRAP routes API.
resource "aws_s3control_multi_region_access_point_routes" "example" {
  provider   = aws.us-east-1
  account_id = "012345678912"
  mrap       = aws_s3control_multi_region_access_point.example.arn

  route {
    bucket                  = aws_s3_bucket.east.id
    region                  = "us-east-2"
    traffic_dial_percentage = 100 # active
  }

  route {
    bucket                  = aws_s3_bucket.west.id
    region                  = "us-west-2"
    traffic_dial_percentage = 0 # passive
  }
}
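Until the provider has a resource for this, the failover itself can be driven out of band with the S3 Control routes API that a resource like the one sketched above would wrap. The following is an added example, not code from the provider or from anyone in this thread: it plans an active/passive route update from the current route list, refuses an all-passive plan, and only imports boto3 when asked to submit, so the planning part runs offline. The set of regions that serve the routes API is the example author's reading of the S3 Control API reference and is an assumption to verify against current AWS docs; the account ID and bucket names are constructed placeholders.

```python
"""Active/passive failover for an S3 Multi-Region Access Point via the S3 Control
routes API. Added example; not code from the provider or from this thread."""
from __future__ import annotations

# Regions that host the MRAP routes control-plane endpoint, as this example's
# author reads the S3 Control API reference (assumption: verify against AWS docs).
ROUTE_CONTROL_REGIONS = frozenset(
    {"us-east-1", "us-west-2", "ap-southeast-2", "ap-northeast-1", "eu-west-1"}
)

# The API expresses status as a traffic dial: 100 = active, 0 = passive.
STATUS_TO_DIAL = {"active": 100, "passive": 0}


def build_route_updates(routes: list[tuple[str, str, str]]) -> list[dict]:
    """Turn (bucket, region, status) triples into the RouteUpdates list that
    boto3's s3control.submit_multi_region_access_point_routes expects."""
    updates, seen = [], set()
    for bucket, region, status in routes:
        if status not in STATUS_TO_DIAL:
            raise ValueError(f"{region}: status must be active or passive, got {status!r}")
        if region in seen:
            raise ValueError(f"{region}: listed twice")
        seen.add(region)
        updates.append(
            {"Bucket": bucket, "Region": region, "TrafficDialPercentage": STATUS_TO_DIAL[status]}
        )
    # Local safety check (not an API rule asserted here): an all-passive MRAP
    # routes traffic nowhere, which is an outage rather than a failover.
    if not any(u["TrafficDialPercentage"] > 0 for u in updates):
        raise ValueError("at least one route must be active")
    return updates


def failover_plan(current_routes: list[dict], new_active_region: str) -> list[dict]:
    """Given the Routes list returned by get_multi_region_access_point_routes,
    produce updates that make new_active_region the only active region."""
    regions = {r["Region"] for r in current_routes}
    if new_active_region not in regions:
        raise ValueError(f"{new_active_region} is not a region of this MRAP")
    return build_route_updates(
        [
            (r["Bucket"], r["Region"], "active" if r["Region"] == new_active_region else "passive")
            for r in current_routes
        ]
    )


def submit_routes(account_id: str, mrap_arn: str, updates: list[dict], control_region: str) -> dict:
    """Submit the plan from one of the supported control regions.
    boto3 is imported lazily so the planning functions above run offline."""
    if control_region not in ROUTE_CONTROL_REGIONS:
        raise ValueError(
            f"routes API is not served from {control_region}; use one of {sorted(ROUTE_CONTROL_REGIONS)}"
        )
    import boto3  # only needed when actually talking to AWS

    client = boto3.client("s3control", region_name=control_region)
    return client.submit_multi_region_access_point_routes(
        AccountId=account_id, Mrap=mrap_arn, RouteUpdates=updates
    )


# Constructed sample in the shape get_multi_region_access_point_routes returns
# under "Routes"; not a real MRAP.
SAMPLE_ROUTES = [
    {"Bucket": "example-east", "Region": "us-east-2", "TrafficDialPercentage": 100},
    {"Bucket": "example-west", "Region": "us-west-2", "TrafficDialPercentage": 0},
]

if __name__ == "__main__":
    # Plan a failover from us-east-2 to us-west-2 and show the request body;
    # submit_routes("012345678912", "<mrap arn>", plan, "us-east-1") would apply it.
    for update in failover_plan(SAMPLE_ROUTES, "us-west-2"):
        print(update)
```

The region guard mirrors the constraint mattburgess points out: the call is rejected unless it is made against one of the control regions, whichever regions the buckets live in, so a Terraform resource for this would need its own provider alias rather than inheriting the MRAP's.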